By Bill Brenner, Akamai SIRT senior tech writer
Akamai's Security Intelligence Research Team (SIRT) is conducting research into the security posture of the Internet Key Exchange (IKE & IKEv2) protocol. The paper outlines the findings thus far, including configurations in the protocol itself that attackers could potentially leverage to launch reflected DDoS campaigns.
Akamai continues to investigate the Glibc vulnerability outlined in CVE-2015-7547 to see how its technology may be affected. As part of the DNS query process, Glibc is used by many systems across the Internet -- and at Akamai -- and all versions of Glibc's getaddrinfo() library functions since version 2.9 are potentially vulnerable to a range of attacks based on a stack buffer overflow.
It's been widely reported that Hollywood Presbyterian Medical Center experienced a ransomware attack on February 5 that encrypted their data and disabled their network. The hospital was forced to revert to paper and faxes to relay patient information, and hospital operations were so strained that they succumbed to the cyberattack and paid the hackers 40 bitcoins, or about $17,000, to get the decryption key.
Earlier today, Akamai announced the launch of a completely new product, Bot Manager. You can read more about the details in the press release and on Akamai.com. I won't bore you by repeating them, but I did want to add some color on why it matters.
By Bill Brenner, Akamai SIRT Senior Tech Writer
During the past few quarters, Akamai has observed and successfully mitigated a large number of DNS reflection and amplification DDoS attacks abusing Domain Name System Security Extension (DNSSEC) configured domains. As with other DNS reflection attacks, malicious actors continue to use open DNS resolvers for their own purpose -- effectively using these resolvers as a shared botnet. This technique has also been
Lately, it seems, bots have been taking a beating in the security press. They are blamed for DDoS attacks, for Web Attacks, for price scraping, for Grey Marketeering, and even, according to some, for Ted Cruz's recent win in Iowa. But are ALL bots bad ALL the time? We say NO! Why not? Let me count the ways:
I recently spoke with Insurance CIO Outlook Magazine in response to an award Akamai received as a top 10 security provider for insurers. As part of the discussion, I shared the importance of security for insurance digital transformation.
A common defensive rule of information security is that once you detect an attack against your organization's Web applications, you must mitigate the attack by stopping it. In other words: "stop it once you can." But what if the rules of the defenders vs. attackers "game" have changed and the teams are not playing in the same league anymore? For example, here are some of the "game" changers from recent
On Jan. 28, 2016, OpenSSL released a new version of OpenSSL software. This release contains (among others) two potentially important security fixes to which we would like to draw your attention: SSLv2 does not block disabled ciphers (CVE-2015-3197) and DH small subgroups (CVE-2016-0701). Akamai would like to inform you that our customers are not vulnerable to these issues on our delivery platform; however, customers should confirm that their origin servers